Security & Trust at AgentForge

Your data and your clients' data are our responsibility. Here's exactly how we protect them.

Infrastructure

Enterprise-grade infrastructure

Built on Vercel Edge Network and Neon serverless PostgreSQL to guarantee maximum availability, global performance, and regulatory compliance.

  • Hosted on Vercel Edge Network — global CDN with 99.9% availability target
  • Database: Neon PostgreSQL with encryption at rest (AES-256)
  • All data in transit encrypted via TLS 1.3
  • Zero downtime deployments — no maintenance windows

Data Privacy

Your data stays yours

We collect only what we need, store it safely, and never sell it. Here's our commitment in plain language.

GDPR Compliant

Full compliance with EU GDPR. Data Processing Agreement available on request.

No data sharing

We never sell or share your data with third parties for advertising or analytics purposes.

Data deletion

Request complete deletion of your data at any time. We process deletion requests within 30 days.

Minimal collection

We collect only what is strictly necessary to provide the service. No tracking pixels, no hidden data collection.

Authentication

Secure authentication by design

We use industry-standard authentication protocols to protect every account on the platform.

NextAuth v5 with JWT rotation — session tokens are short-lived and automatically refreshed

Google OAuth 2.0 — sign in with your Google account without sharing your password

Passwords hashed with bcrypt (cost factor 12) — we never store passwords in plaintext

Configurable session timeout — sessions expire automatically after inactivity

API Security

Every API call is protected

From API keys to webhook signatures, every integration point is secured by design.

API keys carry the sk-af- prefix and are scoped per user. Revocable instantly from your dashboard.

Rate limiting on all routes — prevents abuse and protects against brute-force attacks.

Webhook signature verification with HMAC-SHA256 — verify every inbound payload is authentic.

Certifications and standards

Where we are today and where we're headed — no false claims.

GDPR

Compliant

SOC 2 Type II

Planned Q3 2026

ISO 27001

Planned

Security Roadmap

What's coming next

We believe transparency about our security roadmap shows maturity, not weakness. Here's what we're working toward.

SOC 2 Type II certification

Planned Q3 2026

Third-party penetration testing

Planned Q2 2026

Responsible Disclosure

Found a vulnerability?

We believe in collaborative security. If you discover a vulnerability in our platform, please report it responsibly before public disclosure. We take every report seriously.

security@agentforge.solutions

We respond to all security reports within 48 hours.